package com.pn.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/*
  Security的配置类:
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /*
    1.认证配置:
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("admin")
                .password("123");
    }
    */

    /*
     2.请求配置:
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //取消跨站跨域请求的检查
        http.cors().disable();
        http.csrf().disable();

        //对actuator暴露的所有监控端口(url接口)不需要登录都直接放行
        http.authorizeRequests().antMatchers("/actuator/**").permitAll();

        //通过调用继承自父类的configure(HttpSecurity)方法来实现提供登录表单,设置其它请求必须登录后才可以访问
        super.configure(http);
    }
}
